Transcription

Slide 2: Interoperability with HSPD12 Capability
- PIV provides a secure common credential, credentialing methodology and trust model for the federal government.
- Interoperability using PIV standards provides for secured and authorized federated access and shared information for personnel across the Federal Government.
- Federated Access: sharing information to register, authenticate or provide attributes for authorization decisions.

Slide 4: Biometric Enrollment Process - Future Success Case
1. Biographic and biometric information captured at enrollment station/service.
2. Biographic information checked against PDR and then used to create and set systems ID from interaction with the IdMS.
3. Biometric information sent for enrollment to IDProTECT with generated system ID.
4. IDProTECT does a 1-to-many search of the biometrics database.
5. No match, so IDProTECT adds to data store along with system ID and returns success.
6. Successful return causes enrollment service to store biographic data in IdMS along with photo and original 2 prints gathered by enrollment station.
7. Enrollment ID sent down to enrollment station and printed (enrollee asked to wait 24 hours before going to base registrar).
8. Biometrics are sent to IAFIS and matched against Red Force prints.
9. Results returned and stored in vetting info data store along with a flag in the biometrics store and IdMS.
[Diagram: ENROLLMENT PROCESS, showing the numbered steps flowing between the Enroller / Enrollment Station (Enrollment Declaration Identifier), Local Population Enrollment Service, PDR (DEERS), IdMS Authentication & Registry Service, Biometric Enrollment Service (IDProTECT), Biometrics (IDProTECT) store, Other DOD BIO DBs, IAFIS, Vetting Information Registry, Security Interface, Base Security Registry and Access Card Issuance, PACS Registrar, Local Access Requestor and Local Access Cardholder.]

Slide 7: Federated Access
Perhaps less obviously, it requires:
- A means for a relying party to register a PIV credential holder for access.
- A means for a relying party to authorize a PIV credential holder for access.
- Both for physical and logical (network) access.

Slide 9: Securing Person Identity
- The PIV is not your identity.
- The PIV is a credential to authenticate: Person Identity; Affiliation (agency); Role (Civilian, Contractor).
- In order to secure and trust a Person Identity it must be strongly linked to the credential so that the credential asserts it.
- It cannot be self-revealed outside the credential authentication.
- It must be available either from the credential itself or from an identity source accessible using the credential.

Slide 10: Attributes for Authorization
- Implicit authorization: based on what you are (your attributes): your affiliation (e.g. Army), your role (e.g. Active Duty), plus other attributes (U.S. Citizen, Clearance, Rank, First responder).
- Attributes plus Access Rules equals Permissions.
- Explicit authorization: based on who you are.
- AUTHORIZATION REQUIRES ATTRIBUTES (WHO AND WHAT YOU ARE)
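The two authorization modes on slides 9 and 10, as an added illustration that is not from the slide deck: a relying party evaluates access rules over attributes (implicit authorization) and a registered list of credential holders (explicit authorization), and only for a subject whose PIV credential has already been authenticated. The rule set, permission names and sample records are constructed for this example.

```python
"""Added example (not from the slide deck): implicit (attribute-based) and
explicit (identity-based) authorization over attributes obtained only after
PIV authentication, from the credential or an attribute source such as a BAE.
Rule names, permissions and sample values are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Subject:
    """What the relying party knows about a credential holder after PIV authentication."""
    credential_id: str            # identifier asserted by the authenticated PIV (hypothetical format)
    affiliation: str              # e.g. "Army", asserted by the credential (slide 10)
    role: str                     # e.g. "Active Duty", "Civilian", "Contractor"
    attributes: dict = field(default_factory=dict)  # other attributes from an attribute source
    authenticated: bool = False   # set only after the credential itself was verified


# Implicit authorization: permission -> access rule evaluated over the subject's attributes.
ACCESS_RULES = {
    "enter_secure_facility": lambda s: s.attributes.get("citizen") == "US"
        and s.attributes.get("clearance") in ("SECRET", "TOP SECRET"),
    "read_incident_feed": lambda s: s.attributes.get("first_responder") is True
        or s.affiliation == "DHS",
}

# Explicit authorization: credential holders the relying party registered by name for a permission.
EXPLICIT_GRANTS = {
    "admin_console": {"piv-000123"},
}


def authorize(subject: Subject, permission: str) -> bool:
    """Grant only if the subject was authenticated and holds the permission by rule or by name."""
    if not subject.authenticated:
        # Identity and attributes cannot be self-revealed outside credential authentication.
        return False
    if subject.credential_id in EXPLICIT_GRANTS.get(permission, set()):
        return True  # explicit: who you are
    rule = ACCESS_RULES.get(permission)
    return bool(rule and rule(subject))  # implicit: what you are
```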

Slide 17: DOD/DHS Backend Attribute Exchange Pilot
- Started in December 2008.
- First tests scheduled for
- Using basic Backend Attribute Exchange (BAE) architecture defined by the Architecture Working Group (AWG) for HSPD12.
